sudoers nopasswd screwiness

Craig White craigwhite at azapple.com
Wed Dec 7 08:17:32 UTC 2011


Can't really explain this behavior.

Don't have the actual contents of the file (I am at home and this
concerns work) but it's /etc/sudoers.d/user and it has something like 

Cmnd_Alias SYNC /usr/bin/rsync
user ALL:=NOPASSWD(ALL) SYNC

(this may not be the exact contents)

Anyway, I use puppet on these systems and all of the systems under
puppet control have this exact setup (/etc/sudoers
& /etc/sudoers.d/user) and for that matter, also common-passwd,
common-session, common-auth in /etc/pam.d and the user (like all but the
system users) comes from LDAP. Also, /etc/ldap.conf, /etc/nsswitch.conf
are all handled by puppet and thus are exactly the same from computer to
computer.

On 2 computers, this user is asked for his password in order to run the
rsync command but on other computers, this same user is not. The user is
not included in local groups but rather only in LDAP groups.

/etc/sudoers & /etc/sudoers.d/user are indeed 0440 (again managed by
puppet) so it's not a permission issue on these files.

What else could possibly be at play?

Craig

